Our rewards program encourages researchers to contribute to the security of the Ark Ecosystem through the following bounties:

We know that software will always have flaws that are hard to notice initially. As we take security of our network as a top priority, we provide a security/vulnerability bounty for bugs or errors in the ARK Core that could potentially harm or exploit the Ark Network.

Security vulnerabilities that usually have no impact on the whole blockchain infrastructure, but can still pose problems for some specific things.

Examples:

Things that only affect a subset of nodes (e.g. hardware failures caused by an attack when the server satisfies the minimum requirements)

Inconveniences caused by a malicious delegate).

Including a patch with your findings will also make you eligible for a bonus of up to 50% on top of these numbers. To get a bonus make sure to follow the steps outlined here: https://docs.ark.io/security/contributing/#procedure-for-a-pach
The size of the bonus is determined at the sole discretion of the Core Developers.

Never maliciously initiate an exploit on ARK Public Network, if you need to validate your setup use your own local Ark Network or use Ark Developer Network

To receive the bounty, you must send an in-depth explanation in an email to security@ark.io with the steps to reproduce the vulnerability and if possible a patch or PoC to negate the security vulnerability in question.

Security bounty can fall in higher or lower tier than you anticipated, all our decisions are final. Exploits which make indirect use of already known issues might not be eligible for a security bounty. Do not take every word literal and examples serve as a basis on what you can expect (it also depends a lot on circumstances of how you can exploit it, what’s the impact and every security vulnerability is evaluated on a case by case basis). Security vulnerabilities are paid in ARK based on the daily average rate before the payout.